/*
 * Verify a signature over @data with the public key in @sexp, dispatching
 * on the PKCS#11 mechanism.
 *
 *   CKM_RSA_PKCS   -> gkm_rsa_mechanism_verify() with egg_padding_pkcs1_pad_01
 *   CKM_RSA_X_509  -> gkm_rsa_mechanism_verify() with egg_padding_zero_pad
 *   CKM_DSA        -> gkm_dsa_mechanism_verify()
 *
 * Returns CKR_ARGUMENTS_BAD when @data or @signature is NULL,
 * CKR_GENERAL_ERROR when @sexp is NULL, cannot be parsed, does not match
 * the mechanism, or the mechanism is not handled here; otherwise whatever
 * the per-mechanism verify routine returns.
 *
 * NOTE(review): n_data and n_signature are forwarded untouched; any length
 * validation has to happen in the per-mechanism routines or in the caller.
 * NOTE(review): CKM_RSA_X_509 selects the zero-pad helper, so no signature
 * encoding is applied or checked at this layer; confirm callers that accept
 * this mechanism validate the recovered block themselves.
 */
CK_RV
gkm_crypto_verify_xsa (gcry_sexp_t sexp, CK_MECHANISM_TYPE mech, CK_BYTE_PTR data,
                       CK_ULONG n_data, CK_BYTE_PTR signature, CK_ULONG n_signature)
{
	int algorithm;

	g_return_val_if_fail (sexp, CKR_GENERAL_ERROR);
	g_return_val_if_fail (signature, CKR_ARGUMENTS_BAD);
	g_return_val_if_fail (data, CKR_ARGUMENTS_BAD);

	if (!gkm_sexp_parse_key (sexp, &algorithm, NULL, NULL))
		g_return_val_if_reached (CKR_GENERAL_ERROR);

	/*
	 * The key-type comparisons below are sanity checks only: earlier code
	 * is expected to have rejected a mechanism/key mismatch with the proper
	 * error code. g_return_val_if_fail() is compiled out when GLib is built
	 * with G_DISABLE_CHECKS, so these must not be the only line of defence.
	 */
	switch (mech) {
	case CKM_RSA_PKCS:
		g_return_val_if_fail (algorithm == GCRY_PK_RSA, CKR_GENERAL_ERROR);
		return gkm_rsa_mechanism_verify (sexp, egg_padding_pkcs1_pad_01,
		                                 data, n_data, signature, n_signature);

	case CKM_RSA_X_509:
		g_return_val_if_fail (algorithm == GCRY_PK_RSA, CKR_GENERAL_ERROR);
		return gkm_rsa_mechanism_verify (sexp, egg_padding_zero_pad,
		                                 data, n_data, signature, n_signature);

	case CKM_DSA:
		g_return_val_if_fail (algorithm == GCRY_PK_DSA, CKR_GENERAL_ERROR);
		return gkm_dsa_mechanism_verify (sexp, data, n_data,
		                                 signature, n_signature);

	default:
		/* Unsupported mechanisms should have been filtered out earlier. */
		g_return_val_if_reached (CKR_GENERAL_ERROR);
	}
}
/*
 * Serialize the private key held in @s_key to DER, choosing the RSA or DSA
 * writer from the algorithm reported by gkm_sexp_parse_key(). The encoded
 * length is stored through @len by the selected writer.
 *
 * Returns NULL when @s_key is NULL, cannot be parsed, is not a private key,
 * or uses an algorithm other than RSA/DSA.
 *
 * NOTE(review): the is_priv guard is a g_return_val_if_fail(), which is
 * compiled out under G_DISABLE_CHECKS; callers should not rely on it alone
 * to keep public keys away from the private-key writers.
 * NOTE(review): the result is private key material; how it is allocated and
 * must be released is decided by the per-algorithm writers, not visible here.
 */
guchar*
gkm_data_der_write_private_key (gcry_sexp_t s_key, gsize *len)
{
	gboolean is_priv;
	int algorithm;

	g_return_val_if_fail (s_key != NULL, NULL);

	if (!gkm_sexp_parse_key (s_key, &algorithm, &is_priv, NULL))
		g_return_val_if_reached (NULL);

	g_return_val_if_fail (is_priv, NULL);

	if (algorithm == GCRY_PK_RSA)
		return gkm_data_der_write_private_key_rsa (s_key, len);

	if (algorithm == GCRY_PK_DSA)
		return gkm_data_der_write_private_key_dsa (s_key, len);

	/* Any other algorithm is a programming error at this point. */
	g_return_val_if_reached (NULL);
}
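/*
 * Encode the private key in @skey as an unencrypted PKCS#8 PrivateKeyInfo
 * ("pkcs-8-PrivateKeyInfo" in pkix_asn1_tab) and return the DER bytes.
 *
 * @skey:   private key s-expression (RSA or DSA).
 * @n_data: receives the length of the returned encoding.
 *
 * Returns a buffer obtained through egg_secure_realloc(), or NULL on failure.
 * The result is plaintext private key material: release it with the matching
 * secure deallocator (presumably egg_secure_free(); confirm against callers)
 * and do not write it to disk or logs unprotected.
 *
 * Compared with the straightforward version, every failure path here releases
 * the ASN.1 tree and any key/parameter buffers that have not yet been handed
 * to it, so secure memory holding key material is not left allocated.
 */
guchar*
gkm_data_der_write_private_pkcs8_plain (gcry_sexp_t skey, gsize *n_data)
{
	GNode *asn = NULL;
	int algorithm;
	gboolean is_priv;
	GQuark oid;
	guchar *params = NULL, *key = NULL, *data;
	gsize n_params = 0, n_key = 0;

	init_quarks ();

	/* Parse and check that the key is for real */
	if (!gkm_sexp_parse_key (skey, &algorithm, &is_priv, NULL))
		g_return_val_if_reached (NULL);
	/* NOTE(review): compiled out under G_DISABLE_CHECKS; sanity check only. */
	g_return_val_if_fail (is_priv == TRUE, NULL);

	asn = egg_asn1x_create (pkix_asn1_tab, "pkcs-8-PrivateKeyInfo");
	g_return_val_if_fail (asn, NULL);

	/* Write out the version */
	if (!egg_asn1x_set_integer_as_ulong (egg_asn1x_node (asn, "version", NULL), 0)) {
		egg_asn1x_destroy (asn);
		g_return_val_if_reached (NULL);
	}

	/* Per algorithm differences */
	switch (algorithm) {

	/* RSA gets encoded in a standard simple way, without parameters */
	case GCRY_PK_RSA:
		oid = OID_PKIX1_RSA;
		key = gkm_data_der_write_private_key_rsa (skey, &n_key);
		break;

	/* DSA gets encoded with the params separate from the key part */
	case GCRY_PK_DSA:
		oid = OID_PKIX1_DSA;
		key = gkm_data_der_write_private_key_dsa_part (skey, &n_key);
		params = gkm_data_der_write_private_key_dsa_params (skey, &n_params);
		break;

	default:
		g_warning ("trying to serialize unsupported private key algorithm: %d", algorithm);
		/* The tree was already created above; don't leak it. */
		egg_asn1x_destroy (asn);
		return NULL;
	}

	/*
	 * A failed writer must not reach the ASN.1 setters: a NULL key would be
	 * passed on with a meaningless length, and a DSA key without its
	 * parameters would encode to a structure that cannot be used.
	 */
	if (key == NULL || (algorithm == GCRY_PK_DSA && params == NULL)) {
		g_warning ("couldn't serialize private key material for pkcs8");
		if (key)
			egg_secure_free (key);
		if (params)
			egg_secure_free (params);
		egg_asn1x_destroy (asn);
		return NULL;
	}

	/* Write out the algorithm */
	if (!egg_asn1x_set_oid_as_quark (egg_asn1x_node (asn, "privateKeyAlgorithm", "algorithm", NULL), oid)) {
		/* Neither buffer has been handed to the tree yet, both are ours. */
		egg_secure_free (key);
		if (params)
			egg_secure_free (params);
		egg_asn1x_destroy (asn);
		g_return_val_if_reached (NULL);
	}

	/* Write out the parameters; on success the tree owns params */
	if (params) {
		if (!egg_asn1x_set_raw_element (egg_asn1x_node (asn, "privateKeyAlgorithm", "parameters", NULL),
		                                params, n_params, egg_secure_free)) {
			/*
			 * key is still ours. Whether params is released by the failed
			 * call is not visible from here, so it is left alone rather
			 * than risking a double free. TODO confirm and free if needed.
			 */
			egg_secure_free (key);
			egg_asn1x_destroy (asn);
			g_return_val_if_reached (NULL);
		}
	}

	/* Write out the key portion; on success the tree owns key */
	if (!egg_asn1x_set_string_as_raw (egg_asn1x_node (asn, "privateKey", NULL),
	                                  key, n_key, egg_secure_free)) {
		/* Same ownership caveat as above applies to key on this path. */
		egg_asn1x_destroy (asn);
		g_return_val_if_reached (NULL);
	}

	/* Encode into secure memory, since the output is private key material */
	data = egg_asn1x_encode (asn, egg_secure_realloc, n_data);
	if (data == NULL)
		g_warning ("couldn't encode private pkcs8 key: %s", egg_asn1x_message (asn));

	egg_asn1x_destroy (asn);
	return data;
}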